kamalamrati-8628 asked MarileeTurscak-MSFT commented

hasRole('ROLE_NAME') does not work with AADAppRoleStatelessAuthenticationFilter

When working with AADAppRoleStatelessAuthenticationFilter in the Spring Security config, antMatcher.hasRole() is not working and gives access to all authenticated users regardless of their role in the AD manifest.

azure-ad-app-registration

Based on the other issues I've seen, it looks like in order to retrieve a user's group membership and roles using the Graph API the registered app needs to have Directory.AccessAsUser.All permissions, and you may need to update the WebSecurityConfig class as described in these posts. You also need to have the latest version of Spring Security, which has the SecurityContextHolderAwareRequestWrapper.

https://stackoverflow.com/questions/61180360/spring-security-and-azure-ad-preauthorize-hasrole-is-not-working

https://stackoverflow.com/questions/62858528/using-azure-ad-premium-custom-roles-with-spring-security-for-role-based-access

https://spring.io/projects/spring-security

Are you able to provide any screenshots of your configuration?

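For reference, here is an added example of a WebSecurityConfig that restricts a path to one app role with this filter; it is not the asker's configuration and not code from the thread. It assumes the azure-spring-boot auto-configured AADAppRoleStatelessAuthenticationFilter bean and an appRole whose "value" in the app manifest is "Admin" (the filter exposes that value as the authority ROLE_Admin, which hasRole("Admin") matches without the prefix).

```java
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // lets @PreAuthorize("hasRole('Admin')") work on methods too
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Bean provided by azure-spring-boot when azure.activedirectory.* properties are set
    @Autowired
    private AADAppRoleStatelessAuthenticationFilter aadAppRoleFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Bearer-token API: no session and no CSRF token to carry
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // Specific rules must come BEFORE anyRequest(): matchers are evaluated in
                // order, and an anyRequest().authenticated() placed first would grant every
                // signed-in user access to /admin/** regardless of role.
                .antMatchers("/admin/**").hasRole("Admin")   // manifest appRole value "Admin" -> ROLE_Admin
                .anyRequest().authenticated()
            .and()
            // Run the AAD filter before the default auth filter so the roles claim is
            // turned into authorities before authorization decisions are made.
            .addFilterBefore(aadAppRoleFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
```

If the role still is not enforced, check that the token's "roles" claim actually contains the manifest value for that user (the user or group must be assigned the app role in Enterprise applications), since the filter only maps what is present in the token.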

0 Answers